The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Senders of electronic mail messages that are unwanted or unsolicited (“spam”), or that contain viruses or other threats such as “phishing” attacks often use tactics to conceal the identity of the senders or the computers that the senders are using. In one approach, senders forward a message multiple times among multiple computers that the senders are using and configure one of the computers at the end of the forwarding chain to automatically send the message to recipients. With this tactic, in systems that use internet protocol (IP) and simple mail transfer protocol (SMTP), the forwarding operations cause appending to the message multiple headers containing multiple different source IP addresses.
Consequently, when the message is received, threat detection systems and other analytical tools often cannot determine the IP address of the actual original sender of the message. In a threat detection system that is based on information indicating the sending reputation of the sender, determining the actual original sender is important, because a reputation value associated with the sender typically determines what action to take for the message.
Based on the foregoing, there is a clear need in the data processing field for a method that permits determining the network address of the sender of e-mail messages.